ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 861:

  Which layer of the DoD TCP/IP Model ensures error-free delivery and packet sequencing?

  A. Internet layer
  B. Network access layer
  C. Host-to-host
  D. Application layer
  C. Host-to-host

  ---

  This layer of the DoD Model is also sometimes called Transport in some books but the proper name is Host-to-Host as per the RFC document.

  The host-to-host layer provides for reliable end-to-end communications, ensures the data's error- free delivery, handles the data's packet sequencing, and maintains the data's integrity.

  It is comparable to the transport layer of the OSI model.

  Reference(s) used for this question:

  http://en.wikipedia.org/wiki/Internet_protocol_suite

  and

  http://technet.microsoft.com/en-us/library/cc786900%28v=ws.10%29.aspx

  and

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 85).

• Question 862:

  A proxy is considered a:

  A. first generation firewall.
  B. third generation firewall.
  C. second generation firewall.
  D. fourth generation firewall.
  C. second generation firewall.

  ---

  The proxy (application layer firewall, circuit level proxy, or application proxy ) is a second generation firewall "First generation firewall" incorrect. A packet filtering firewall is a first generation firewall. "Third generation firewall" is incorrect. Stateful Firewall are considered third generation firewalls "Fourth generation firewall" is incorrect. Dynamic packet filtering firewalls are fourth generation firewalls References:

  CBK, p. 464 AIO3, pp. 482 - 484

  Neither CBK or AIO3 use the generation terminology for firewall types but you will encounter it frequently as a practicing security professional. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/ user/scf4ch3.htm for a general discussion of the different generations.

• Question 863:

  Which of the following is true about link encryption?

  A. Each entity has a common key with the destination node.
  B. Encrypted messages are only decrypted by the final node.
  C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
  D. Only secure nodes are used in this type of transmission.
  C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.

  ---

  In link encryption, each entity has keys in common with its two neighboring nodes in the transmission chain.

  Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re- encrypts it with a new key, common to the successor node. Obviously, this mode does not provide protection if anyone of the nodes along the

  transmission path is compromised.

  Encryption can be performed at different communication levels, each with different types of protection and implications. Two general modes of encryption implementation are link encryption and end-to-end encryption.

  Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the

  packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods.

  Link encryption provides protection against packet sniffers and eavesdroppers.

  In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 845-846). McGraw- Hill.

  And:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 132).

• Question 864:

  Which SSL version offers client-side authentication?

  A. SSL v1
  B. SSL v2
  C. SSL v3
  D. SSL v4
  C. SSL v3

  ---

  Secure Sockets Layer (SSL) is the technology used in most Web-based applications. SSL version 2.0 supports strong authentication of the web server, but the authentication of the client side only comes with version 3.0. SSL v4 is not a defined standard. Source: TIPTON, Harold F. and KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 54).

• Question 865:

  Which security model uses division of operations into different parts and requires different users to perform each part?

  A. Bell-LaPadula model
  B. Biba model
  C. Clark-Wilson model
  D. Non-interference model
  C. Clark-Wilson model

  ---

  The Clark-Wilson model uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, thereby

  protecting its integrity.

  The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.

  The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent. An integrity policy describes how

  the data items in the system should be kept valid from one state of the system to the next and specifies the capabilities of various principals in the system. The model defines enforcement rules and certification rules.

  The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the model is based on the notion of a transaction.

  A well-formed transaction is a series of operations that transition a system from one consistent state to another consistent state.

  In this model the integrity policy addresses the integrity of the transactions.

  The principle of separation of duty requires that the certifier of a transaction and the implementer be different entities.

  The model contains a number of basic constructs that represent both data items and processes that operate on those data items. The key data type in the Clark-Wilson model is a Constrained Data Item (CDI). An Integrity Verification

  Procedure (IVP) ensures that all CDIs in the system are valid at a certain state. Transactions that enforce the integrity policy are represented by Transformation Procedures (TPs). A TP takes as input a CDI or Unconstrained Data Item (UDI) and produces a CDI. A TP must transition the system from one valid state to another valid state. UDIs represent system input (such as that provided by a user or adversary). A TP must guarantee (via certification) that it transforms all possible values of a UDI to a "safe" CDI.

  In general, preservation of data integrity has three goals:

  Prevent data modification by unauthorized parties

  Prevent unauthorized data modification by authorized parties

  Maintain internal and external consistency (i.e. data reflects the real world)

  Clark-Wilson addresses all three rules but BIBA addresses only the first rule of intergrity.

  References:

  HARRIS, Shon, All-In-One CISSP Certification Fifth Edition, McGraw-Hill/Osborne, Chapter 5:

  Security Architecture and Design (Page 341-344).

  and

  http://en.wikipedia.org/wiki/Clark-Wilson_model

• Question 866:

  What type of cable is used with 100Base-TX Fast Ethernet?

  A. Fiber-optic cable
  B. Category 3 or 4 unshielded twisted-pair (UTP).
  C. Category 5 unshielded twisted-pair (UTP).
  D. RG-58 cable.
  C. Category 5 unshielded twisted-pair (UTP).

  ---

  This is the type of cabling recommended for 100Base-TX networks.

  Fiber-optic cable is incorrect. Incorrect media type for 100Base-TX -- 100Base-FX would denote fiber optic cabling.

  "Category 3 or 4 unshielded twisted-pair (UTP)" is incorrect. These types are not recommended for 100Mbps operation.

  RG-58 cable is incorrect. Incorrect media type for 100Base-TX.

  References

  CBK, p. 428

  AIO3, p. 455

• Question 867:

  Attributable data should be:

  A. always traced to individuals responsible for observing and recording the data
  B. sometimes traced to individuals responsible for observing and recording the data
  C. never traced to individuals responsible for observing and recording the data
  D. often traced to individuals responsible for observing and recording the data
  A. always traced to individuals responsible for observing and recording the data

  ---

  As per FDA data should be attributable, original, accurate, contemporaneous and legible. In an automated system attributability could be achieved by a computer system designed to identify individuals responsible for any input. Source: U.S. Department of Health and Human Services, Food and Drug Administration, Guidance for Industry - Computerized Systems Used in Clinical Trials, April 1999, page 1.

• Question 868:

  Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

  A. Steganography
  B. Digital watermarking
  C. Digital enveloping
  D. Digital signature
  B. Digital watermarking

  ---

  RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images, video, or audio#and for detecting or extracting the marks later. The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves hiding the very existence of a message. A digital signature is a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. A digital envelope is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient.

  Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

• Question 869:

  A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

  A. project initiation and planning phase
  B. system design specification phase
  C. development and documentation phase
  D. acceptance phase
  D. acceptance phase

  ---

  The Answer: "acceptance phase". Note the question asks about an "evaluation report" - which details how the system evaluated, and an "accreditation statement" which describes the level the system is allowed to operate at. Because those

  two activities are a part of testing and testing is a part of the acceptance phase, the only answer above that can be correct is "acceptance phase".

  The other answers are not correct because:

  The "project initiation and planning phase" is just the idea phase. Nothing has been developed yet to be evaluated, tested, accredited, etc.

  The "system design specification phase" is essentially where the initiation and planning phase is fleshed out. For example, in the initiation and planning phase, we might decide we want the system to have authentication. In the design

  specification phase, we decide that that authentication will be accomplished via username/password. But there is still nothing actually developed at this point to evaluate or accredit.

  The "development and documentation phase" is where the system is created and documented. Part of the documentation includes specific evaluation and accreditation criteria. That is the criteria that will be used to evaluate and accredit the

  system during the "acceptance phase".

  In other words - you cannot evaluate or accredit a system that has not been created yet. Of the four answers listed, only the acceptance phase is dealing with an existing system. The others deal with planning and creating the system, but the

  actual system isn't there yet.

  Reference:

  Official ISC2 Guide Page: 558 - 559

  All in One Third Edition page: 832 - 833 (recommended reading)

• Question 870:

  What is the RESULT of a hash algorithm being applied to a message ?

  A. A digital signature
  B. A ciphertext
  C. A message digest
  D. A plaintext
  C. A message digest

  ---

  As when a hash algorithm is applied on a message , it produces a message digest.

  The other answers are incorrect because :

  A digital signature is a hash value that has been encrypted with a sender's private key.

  A ciphertext is a message that appears to be unreadable.

  A plaintext is a readable data.

  Reference : Shon Harris , AIO v3 , Chapter-8 : Cryptography , Page : 593-594 , 640 , 648